In this blog post, I will help you to configure DMARC records through your DirectAdmin control panel.
Both DKIM and SPF used to authenticate emails.
So, What Is DMARC?
Domain-based Message Authentication Reporting and Conformance or DMARC is not an email authentication method like DKIM and SPF.
Instead, DMARC leverages DKIM and SPF to perform a more advanced check on each email received.
As a domain owner, you can define its authentication procedure with DMARC. This is known as a DMARC policy.
With DMARC, the policy instructs an incoming server on what to do if the email fails to pass the DMARC test.
Now let’s quickly understand how SPF and DKIM work to authenticate emails.
With SPF records, you can specify which IP addresses can be used to send emails on your behalf.
If the sender’s IP mismatch with one of the IPs and domains from the SPF record, the SPF check fails.
DKIM is a digital signature for emails.
The DKIM holds the headers and body of an email message that hashes with a specific method and encrypted with a private key.
The receiver’s email server can recreate the values with a public key and compare it against the signature the server received.
The DKIM check fails if the values mismatch.
DMARC needs at least one of these SPF or DKIM record checks present.
The Benefits of DMARC
DMARC is the most effective weapon against spoofers.
Imagine, a cybercriminal sees your domain is configured correctly with a DMARC record.
Then this cybercriminal would likely give up on trying to spoof your domain.
Do you know why?
They understand that their possibilities of succeeding are near to none, so they often won’t even try to spoof it.
Email receiving servers know that emails coming from DMARC-secured domains are likely to be legit.
How to Configure DMARC in DirectAdmin?
Both SPF and DKIM will be configured automatically. But, you will need to set DMARC records manually.
Don’t worry; it is very easy to set up. Follow this instruction.
Log in to your DirectAdmin account.
Click on the DNS Management icon under the Account Manager category.
In the DNS Management page, click on the Add Record button.
A popup window will appear now.
Now choose TXT from the Record Type drop-down menu.
Select DMARC from the TXT Record Type option.
Most of the fields would be pre-populated there. However, we can still modify it based on your requirements.
I have listed the values so that you can make use of it.
Record Type: TXT
TXT Record Type: DMARC
Domain policy type: I recommend to use Quarantine. But please see the three options below.
None – It means that the email must be treated as same as if there no DMARC record available. Here messages may get delivered or flagged as spam or get rejected; all these will happen based on other factors.
Quarantine – it allows emails but won’t deliver to the inbox. Usually, these emails would go to the spam/junk folder.
Reject – reject the failed messages right away.
Subdomain policy type: Same as domain
Aggregate Email (RUA): Your Primary Email Address
The email would contain high-level data about the reasons for failures but won’t give you any details.
Forensic Email (RUF): Your Primary Email Address
With Forensic Email, you can get detailed individual forensics reports of failed emails.
Report Format: Authentication Failure Reporting Format
Reporting Interval: 86400
Alignment mode for DKIM: Relaxed
Alignment mode for SPF: Relaxed
At last, the Value field will show you the actual DMARC policy that is going to be added. If you wish you can modify it.
Now once you are satisfied with the inputs, click on the Add button and DirectAdmin will save and publish the DMARC details.
How to Verify the DMARC Configuration?
Verifying DMARC, SPF and DKIM setup is relatively easy.
One of the easiest ways is to use MX Lookup.
Visit MxToolbox and input your domain name and hit the MX Lookup button.
You can then see the result.